
Ransomware and supply‑chain breaches surge across sectors
The Cyber Express reports a sharp rise in ransomware incidents and supply‑chain compromises across multiple industries. Notable breaches include a ransomware intrusion at Hasbro, a malicious package update that hit AI startup Mercor via the LiteLLM project, and a North Korean‑linked attack on the Axios JavaScript library.

Kazakhstan is drafting legislation to impose criminal liability for mass leaks of personal data, as proposed by the Ministry of Artificial Intelligence and Digital Development. The same proposal would dramatically increase administrative fines for organizations that fail to meet information‑security requirements. The move reflects a broader push to strengthen data‑protection enforcement across the country. If enacted, the rules could reshape compliance obligations for both domestic firms and foreign investors operating in Kazakhstan.

Searchlight Cyber introduced Ransomware File Explorer, a new feature in its Cerberus platform that provides searchable visibility into file‑tree data posted on ransomware leak sites. The tool indexes file‑tree metadata, enabling instant keyword searches without handling malicious archives. It helps...

Salt Security announced two strategic integrations that broaden its Universal Visibility platform: the Salt Databricks Connector and the Salt Netlify Collector. The Databricks connector provides dedicated API‑security discovery for the Agentic AI Action Layer, mapping AI agents’ API calls and...

NVIDIA released a patch on January 20, 2026 for four critical vulnerabilities in its CUDA Toolkit, affecting Nsight Systems and Nsight Visual Studio tools. The flaws enable local command injection and arbitrary code execution through inadequate input validation and insecure DLL loading,...

A critical vulnerability identified as CVE‑2025‑13878 affects BIND 9 DNS servers, allowing remote attackers to crash the named process using malformed BRID or HHIT records. The flaw impacts several stable branches—9.18.40‑9.18.43, 9.20.13‑9.20.17, and 9.21.12‑9.21.16—and carries a CVSS v3.1 score of 7.5,...

Microsoft has identified a sophisticated AiTM phishing campaign targeting energy‑sector organizations. Attackers use compromised trusted email accounts to send “NEW PROPOSAL – NDA” messages containing a malicious SharePoint link that leads to a fake login page. The page captures credentials...

Banks can turn first-party fraud from a hidden vulnerability into a competitive advantage if they rethink dispute processes. Join our conversation with @shanthi_peace, CEO of Casap. Watch the full episode: https://t.co/aCTj9YH63K https://t.co/vmuPbei31q

Keyfactor and IBM Consulting have unveiled a joint solution that streamlines post‑quantum cryptography (PQC) readiness for enterprises. The offering blends Keyfactor’s automated cryptographic discovery, PKI lifecycle management, and digital signing with IBM Consulting’s cybersecurity governance, quantum‑safe delivery frameworks, and AI‑driven...

Obsidian Security unveiled a new suite that provides end‑to‑end protection for SaaS‑to‑SaaS integrations, addressing a surge in supply‑chain attacks that exploit OAuth tokens and blind spots in traditional tools. The platform offers real‑time breach detection, visibility into unauthorized “shadow” connections,...

A sophisticated multi‑stage phishing campaign is targeting PNB MetLife insurance customers through mobile‑optimized fake payment‑gateway pages hosted on free EdgeOne Pages. The first stage harvests personal details and forces fraudulent UPI payments using dynamically generated QR codes and clipboard manipulation. A...

JA3 fingerprinting, once considered outdated, is re‑emerging as a potent tool for tracking malicious infrastructure. By hashing TLS ClientHello parameters, JA3 creates a stable identifier that persists across malware variants. Recent threat‑intel investigations linked specific JA3 hashes to Remcos RAT,...

Flipit launched a Chrome extension that overlays a “back of the internet” layer, allowing users to post and view real‑time reviews on any website. The platform stores review data on IPFS via a distributed network of Flipit Cores, providing decentralized,...

ZEST Security introduced AI Sweeper Agents that assess whether discovered vulnerabilities can actually be exploited in a given IT environment. The solution uses three specialized agents—Analysis, Environment‑Evaluation, and Validation—to match exploit requirements against an organization’s configuration. ZEST reports that more...

Finextra announced NextGen FinCrime: Dirty Money, Clean Systems, an executive‑level conference slated for 8 July 2026 at the London Conference Centre. The event targets senior finance leaders, regulators and technology providers to confront the growing threat of sophisticated financial crime amid rapid...

Google Workspace’s default security leaves critical gaps, especially in Gmail where Business Email Compromise and sophisticated spear‑phishing thrive. Native protections lack contextual awareness of VIP contacts and cannot fully safeguard years‑long email archives. The article recommends enabling advanced scanning, enforcing...

Silent Push, a preemptive cyber‑defense startup, unveiled Traffic Origin, a solution that pinpoints the true upstream source of obfuscated web traffic such as residential proxies, VPNs, and bot farms. The platform delivers high‑confidence risk indicators, country‑connected data, and visual context...

Debian now runs on the OpenWrt One router hardware. Engineers added low‑level platform support, bootloader tweaks, and system initialization scripts to enable Debian to boot directly without abstraction layers. The OpenWrt One serves as a reference device for the OpenWrt...

Over 160,000 companies reported GDPR breaches in 2025, a 22% increase year‑over‑year. Daily average notifications jumped to 443, the first time since 2018 that the figure exceeded 400. Germany, the Netherlands and Poland accounted for the highest breach counts, while...

Apple Pay processes trillions of transactions annually, yet scammers exploit its popularity through social‑engineering tricks and NFC‑based malware. The most common frauds include phishing, marketplace overpayment, fake receipts, unsolicited payments, and public‑Wi‑Fi credential harvesting. Researchers observed a near‑doubling of NFC‑abusing...

A critical authentication‑bypass flaw in SmarterTools' SmarterMail was patched on Jan 15, 2026, but attackers began exploiting it by Jan 17, 2026. The vulnerability allows unauthenticated users to reset the system administrator password via the /api/v1/auth/force-reset-password endpoint and then execute OS commands, yielding a...

EaseUS released Disk Copy 7.0.0, adding full disk‑imaging capabilities to its previously cloning‑only tool. Users can now create compressed image files, store them independently, and restore them to physical or virtual disks without needing both drives connected. The update also...

A new ClickFix campaign is hijacking Facebook accounts by luring users into fake verification and appeal pages that instruct them to extract live session tokens (c_user and xs) from their browsers. The operation spans 115 phishing pages hosted on abuse‑friendly...

I wrote a short post on how the impact of cyber attacks is determined by the target, not the attacker. It’s important to remember how much control the defender has over not just the terrain but the effects of an...

A malicious PyPI package named sympy-dev impersonates the popular SymPy library, using typosquatting to lure developers into installing it. Four versions (1.2.3‑1.2.6) were released on Jan 17, 2026 and amassed over 1,000 downloads within the first day. The package embeds a memory‑only...

Saga announced a pause of its Ethereum‑compatible chainlet after a $7 million exploit that de‑pegged its US‑dollar stablecoin to $0.75. The attack involved coordinated contract deployments and cross‑chain activity, prompting the team to halt the chain at block 6,593,800 while investigating. Saga’s...

James Wickett, CEO of DryRun Security, warns that organizations are rapidly embedding large‑language‑model (LLM) features into live products without adequate safeguards. He highlights the danger of AI‑generated code being trusted for critical business logic and access control. The video stresses...

In this episode, hosts Dave Bittner, Joe Carrigan, and Maria Varmazis dissect recent social‑engineering threats, from politically‑charged SendGrid phishing campaigns to a crackdown on Southeast Asian scam networks after the arrest of alleged kingpin Chen Zhi. They share real‑world anecdotes,...

A Vodafone Business survey of 1,000 UK senior leaders reveals that one in ten believe their company would not survive a major cyberattack. While 63% say the risk of attack has risen over the past year, only 45% have ensured...

Modern hiring increasingly relies on fast, automated background checks that often limit employment history, address data, and education verification to a few days. The article argues that this speed comes at the expense of critical human‑focused layers such as rigorous...

ClearFake, a JavaScript‑based malware distribution framework, has upgraded its evasion tactics by abusing the legitimate Windows script SyncAppvPublishingServer.vbs to execute hidden PowerShell commands via proxy execution. The campaign retrieves multi‑stage payloads from smart contracts on the BNB Smart Chain testnet,...

The recent Thales‑Google Workspace webinar highlighted practical ways to achieve digital sovereignty through client‑side encryption and Thales CipherTrust. It underscored how Google Workspace’s zero‑trust architecture, regional data storage, and external key management give organizations control over encryption keys. The discussion...

International Data Corporation (IDC) highlighted NSFOCUS AI‑SCAN in its October 2025 report, ranking it highly across six core LLM‑security dimensions. The platform offers comprehensive model, data, content, and application security, plus industry‑specific adaptation and unified management. AI‑SCAN currently supports more than...

In this episode, Johannes Ullrich highlights four critical security issues: the risk of automatic script execution in Visual Studio Code via tasks.json files, a critical remote code execution flaw in Cisco Unified Communications products, a high‑severity command‑injection vulnerability in Zoom's...

Apple’s macOS Tahoe introduces a suite of privacy‑focused features that screen unwanted calls, messages, and online tracking. Native Phone, Messages and FaceTime now offer system‑level unknown‑contact controls, while Safari extends Advanced Fingerprinting Protection to every browsing session. Parental tools let...

The Dotenv Mask Editor is a Visual Studio Code extension that provides a grid‑based interface for editing .env files while automatically masking any value longer than six characters. Masked entries appear as asterisks in the view and only reveal their...

Australian bank NAB warns that scammers are impersonating its analyst Tom Piotrowsk, contributing to a 15 percent rise in investment fraud. The bank says 70 percent of losses start on social‑media platforms, where fraudsters use urgency and fake endorsements to lure victims. Scams...

Microsoft has released security baseline version 2512 for Microsoft 365 Apps for enterprise, providing recommended policy settings across Word, Excel, PowerPoint, Outlook, and Access. The baseline addresses macros, add‑ins, ActiveX, Protected View, and update behavior, and is delivered as Group Policy objects...

A new Android click‑fraud trojan family uses TensorFlow.js to run AI models inside a hidden WebView, visually identifying and tapping ads instead of relying on static JavaScript code. The malware is distributed through Xiaomi’s GetApps store, third‑party mod APK sites,...

Ethereum just hit an all-time high in daily transactions. But much of the activity was driven by address poisoning attacks. https://t.co/rBDQRtSqza

PcComponentes, a leading Spanish tech retailer, denied a claim that a breach exposed 16 million customers, stating the figure was inflated. The company confirmed a credential‑stuffing attack that compromised a limited set of accounts, revealing names, addresses and contact details. Threat...

The NDSS 2025 paper introduces Tweezers, a framework that leverages an event attribution‑centric tweet embedding to detect security events on Twitter. By focusing on semantic attribution rather than simple keyword matching, Tweezers achieves higher precision and broader coverage than prior...

In November 2025 Under Armour fell victim to the Everest ransomware gang, which claimed to have exfiltrated 343 GB of data. On January 21, 2026 a hacking forum published a 72‑million‑record customer dataset containing emails, names, birthdates, genders, locations and purchase...

On 1 January 2026 Hong Kong’s Office of the Commissioner of Critical Infrastructure (Computer‑system Security) released a Code of Practice (CoP) under the Protection of Critical Infrastructures (Computer Systems) Ordinance, which also took effect that day. The CoP translates the Ordinance’s high‑level...

Zoom released security patches that fix a critical command‑injection flaw (CVE‑2026‑22844) in its Node Multimedia Routers (MMR). The vulnerability, rated 9.9 on the CVSS scale, could let a meeting participant execute arbitrary code on affected MMRs. Versions prior to 5.2.1716.0...

A new EPIC report warns that the U.S. health‑privacy crisis is deepening as data brokers sell medical information and ICE agents operate inside hospitals. Outdated privacy statutes and lax enforcement let private firms and government agencies harvest, share, and repurpose...

The episode explains why continuous, delta‑only replication is evolving from a backup shortcut into a core cyber‑resilience control, enabling near‑real‑time data availability across hybrid environments and reducing reliance on fragile, manual recovery steps. It highlights how this approach mitigates both...

Fortinet’s latest FortiOS releases (7.4.9 and 7.4.10) failed to fully remediate the critical CVE‑2025‑59718 authentication bypass, allowing attackers to create privileged admin accounts via crafted SAML messages. Administrators have reported successful exploits on patched firewalls, prompting Fortinet to announce emergency...

A critical vulnerability has been discovered in GNU InetUtils telnetd versions 1.9.3 through 2.7 that allows remote attackers to obtain root privileges without a password. The flaw stems from an unsanitized USER environment variable that can inject the "-f root"...

Retailers are increasingly targeted by web privacy lawsuits, with 43% of recent claims focused on the consumer discretionary sector. Smaller stores under $100 million in revenue account for nearly 60% of filings, often leveraging outdated statutes like California’s 1967 Invasion of...